Logging In Using Multi-factor Authentication
Multi-factor Authentication (MFA) is a method of verifying a user’s identity, which requires that the user present more than one piece of identifying information. This method provides an additional layer of security, decreasing the likelihood of unauthorized access.
IoT Platform supports an optional MFA mechanism on its authentication gateway, which is currently implemented by the IoT Platform REST API. IoT Platform’s MFA mechanism is not enabled by default, and must be enabled by editing the enableMultiFactorAuthentication property on the relevant Application endpoint. When MFA is enabled for an Application, the IoT Platform system provides a second factor binding code using one of the supported Multifactor Authenticators (SMS or Email).
In order to log in to the IoT Platform Portal and the IoT Platform API, you should obtain the IoT Platform authentication token. If the MFA mechanism is enabled, the following flow applies. The objective of this flow is to obtain IoT Platform’s authentication –
The IoT Platform system provides a second factor binding code using one of the supported Multifactor Authenticators (SMS or Email). If the user has a mobile number that has been saved in the IoT Platform system, the user is sent an SMS that contains the binding code. Otherwise, the user is sent an email containing the binding code in the MFA login response.
After the user receives the binding code (either by SMS or email), the user can log in using an Auth/verifyMultifactorBindingCode request. If the parameters supplied in this request are valid, a 200 OK status code is returned in the Auth/verifyMultifactorBindingCode response, and the user can use the provided authentication token to access IoT Platform REST API endpoints.
The following shows the login response when all login request parameters are OK and MFA is enabled –
using System.Runtime.Serialization;

// Login response returned when MFA is enabled for the Application.
[DataContract(Name = "mfaLoginResponse")]
public class MFALoginResponse
{
    [DataMember(Name = "token")]
    public string Token { get; set; }

    [DataMember(Name = "authenticatorCode")]
    public string AuthenticatorCode { get; set; }

    [DataMember(Name = "authenticator")]
    public string Authenticator { get; set; }
}
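The following added example (not Planon's code) deserializes a login response into the MFALoginResponse contract shown above and produces a log line that never contains the token or the code. It assumes the API returns JSON; the MfaLoginDemo helper, the non-empty authenticator check and all sample values are hypothetical.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Text;

// Contract copied from the page so that this example compiles on its own.
[DataContract(Name = "mfaLoginResponse")]
public class MFALoginResponse
{
    [DataMember(Name = "token")] public string Token { get; set; }
    [DataMember(Name = "authenticatorCode")] public string AuthenticatorCode { get; set; }
    [DataMember(Name = "authenticator")] public string Authenticator { get; set; }
}

// Hypothetical helper, not part of the IoT Platform API.
public static class MfaLoginDemo
{
    // Returns null for a malformed body or (assumption) one that names no authenticator.
    public static MFALoginResponse Parse(string json)
    {
        if (string.IsNullOrWhiteSpace(json)) return null;
        try
        {
            var serializer = new DataContractJsonSerializer(typeof(MFALoginResponse));
            using (var stream = new MemoryStream(Encoding.UTF8.GetBytes(json)))
            {
                var response = serializer.ReadObject(stream) as MFALoginResponse;
                bool usable = response != null && !string.IsNullOrEmpty(response.Authenticator);
                return usable ? response : null;
            }
        }
        catch (SerializationException) { return null; }
    }

    // Log-safe summary: names the authenticator, never prints the token or the code.
    public static string Describe(MFALoginResponse r) =>
        $"authenticator={r.Authenticator} token={(string.IsNullOrEmpty(r.Token) ? "absent" : "present")} " +
        $"authenticatorCode={(string.IsNullOrEmpty(r.AuthenticatorCode) ? "absent" : "present")}";

    public static void Main()
    {
        // Constructed sample body; the values are placeholders, not real platform output.
        string body = "{\"token\":\"SAMPLE-TOKEN\",\"authenticatorCode\":\"SAMPLE-CODE\",\"authenticator\":\"SMS\"}";
        var parsed = Parse(body);
        Console.WriteLine(parsed == null ? "not an MFA login response" : Describe(parsed));
        Console.WriteLine(Parse("{\"token\":") == null ? "malformed body rejected" : "unexpected");
    }
}
```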